...

Source file src/github.com/google/s2a-go/internal/authinfo/authinfo.go

Documentation: github.com/google/s2a-go/internal/authinfo

     1  /*
     2   *
     3   * Copyright 2021 Google LLC
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     https://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   *
    17   */
    18  
    19  // Package authinfo provides authentication and authorization information that
    20  // results from the TLS handshake.
    21  package authinfo
    22  
    23  import (
    24  	"errors"
    25  
    26  	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
    27  	contextpb "github.com/google/s2a-go/internal/proto/s2a_context_go_proto"
    28  	grpcpb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
    29  	"google.golang.org/grpc/credentials"
    30  )
    31  
    32  var _ credentials.AuthInfo = (*S2AAuthInfo)(nil)
    33  
    34  const s2aAuthType = "s2a"
    35  
    36  // S2AAuthInfo exposes authentication and authorization information from the
    37  // S2A session result to the gRPC stack.
    38  type S2AAuthInfo struct {
    39  	s2aContext     *contextpb.S2AContext
    40  	commonAuthInfo credentials.CommonAuthInfo
    41  }
    42  
    43  // NewS2AAuthInfo returns a new S2AAuthInfo object from the S2A session result.
    44  func NewS2AAuthInfo(result *grpcpb.SessionResult) (credentials.AuthInfo, error) {
    45  	return newS2AAuthInfo(result)
    46  }
    47  
    48  func newS2AAuthInfo(result *grpcpb.SessionResult) (*S2AAuthInfo, error) {
    49  	if result == nil {
    50  		return nil, errors.New("NewS2aAuthInfo given nil session result")
    51  	}
    52  	return &S2AAuthInfo{
    53  		s2aContext: &contextpb.S2AContext{
    54  			ApplicationProtocol:  result.GetApplicationProtocol(),
    55  			TlsVersion:           result.GetState().GetTlsVersion(),
    56  			Ciphersuite:          result.GetState().GetTlsCiphersuite(),
    57  			PeerIdentity:         result.GetPeerIdentity(),
    58  			LocalIdentity:        result.GetLocalIdentity(),
    59  			PeerCertFingerprint:  result.GetPeerCertFingerprint(),
    60  			LocalCertFingerprint: result.GetLocalCertFingerprint(),
    61  			IsHandshakeResumed:   result.GetState().GetIsHandshakeResumed(),
    62  		},
    63  		commonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity},
    64  	}, nil
    65  }
    66  
    67  // AuthType returns the authentication type.
    68  func (s *S2AAuthInfo) AuthType() string {
    69  	return s2aAuthType
    70  }
    71  
    72  // ApplicationProtocol returns the application protocol, e.g. "grpc".
    73  func (s *S2AAuthInfo) ApplicationProtocol() string {
    74  	return s.s2aContext.GetApplicationProtocol()
    75  }
    76  
    77  // TLSVersion returns the TLS version negotiated during the handshake.
    78  func (s *S2AAuthInfo) TLSVersion() commonpb.TLSVersion {
    79  	return s.s2aContext.GetTlsVersion()
    80  }
    81  
    82  // Ciphersuite returns the ciphersuite negotiated during the handshake.
    83  func (s *S2AAuthInfo) Ciphersuite() commonpb.Ciphersuite {
    84  	return s.s2aContext.GetCiphersuite()
    85  }
    86  
    87  // PeerIdentity returns the authenticated identity of the peer.
    88  func (s *S2AAuthInfo) PeerIdentity() *commonpb.Identity {
    89  	return s.s2aContext.GetPeerIdentity()
    90  }
    91  
    92  // LocalIdentity returns the local identity of the application used during
    93  // session setup.
    94  func (s *S2AAuthInfo) LocalIdentity() *commonpb.Identity {
    95  	return s.s2aContext.GetLocalIdentity()
    96  }
    97  
    98  // PeerCertFingerprint returns the SHA256 hash of the peer certificate used in
    99  // the S2A handshake.
   100  func (s *S2AAuthInfo) PeerCertFingerprint() []byte {
   101  	return s.s2aContext.GetPeerCertFingerprint()
   102  }
   103  
   104  // LocalCertFingerprint returns the SHA256 hash of the local certificate used
   105  // in the S2A handshake.
   106  func (s *S2AAuthInfo) LocalCertFingerprint() []byte {
   107  	return s.s2aContext.GetLocalCertFingerprint()
   108  }
   109  
   110  // IsHandshakeResumed returns true if a cached session was used to resume
   111  // the handshake.
   112  func (s *S2AAuthInfo) IsHandshakeResumed() bool {
   113  	return s.s2aContext.GetIsHandshakeResumed()
   114  }
   115  
   116  // SecurityLevel returns the security level of the connection.
   117  func (s *S2AAuthInfo) SecurityLevel() credentials.SecurityLevel {
   118  	return s.commonAuthInfo.SecurityLevel
   119  }
   120  

View as plain text